PRIVACY POLICY

Last updated: 3 March 2026

This Privacy Policy explains how we collect, use, share and protect your personal data when you visit our website, purchase products, create an account, sign up to marketing, or otherwise interact with Raffya.

1. Who We Are

Raffya is operated by:

Vyoma Brands Ltd
Company number: 16968522
Registered office: 71–75 Shelton Street, London, United Kingdom, WC2H 9JQ
VAT number: GB510749210

In this policy, “we”, “us”, “our” refers to Vyoma Brands Ltd trading as Raffya.

If you have any questions about this Privacy Policy or your personal data, please contact:

customercare@raffya.com

For the purposes of UK data protection law, we are the data controller of your personal data.

2. The Laws We Follow

We process personal data in accordance with:

  • UK GDPR

  • Data Protection Act 2018

  • Privacy and Electronic Communications Regulations (PECR)

  • Any applicable updates to UK data protection legislation

If you are located in the European Economic Area (EEA), we also aim to comply with EU GDPR requirements where applicable.

3. What Personal Data We Collect

We collect personal data depending on how you interact with Raffya.

3.1 Identity and Contact Data

  • Full name

  • Email address

  • Phone number

  • Billing address

  • Delivery address

3.2 Account Data

  • Login credentials

  • Order history

  • Saved preferences or wishlists

Passwords are encrypted/hashed via our secure e-commerce platform.

3.3 Order and Transaction Data

  • Products purchased

  • Payment status

  • Delivery details

  • Returns and exchanges

We do not store full payment card details. Payments are securely processed by third-party payment providers.

3.4 Marketing and Communications Data

  • Newsletter sign-up information

  • SMS marketing preferences (if applicable)

  • Marketing engagement (email opens, clicks, browsing behaviour where consented)

3.5 Technical and Usage Data

  • IP address

  • Browser type and version

  • Device information

  • Pages visited

  • Time and date of visits

  • Referring URLs

  • Cookie identifiers

4. How We Collect Your Data

We collect personal data:

  • Directly from you (checkout, account creation, newsletter sign-up, contacting customer service)

  • Automatically via cookies, pixels and analytics tools

  • From third parties such as:

    • Payment providers

    • Delivery partners

    • Fraud prevention services

5. How We Use Your Personal Data

We only process your data where we have a lawful basis.

5.1 To Process and Fulfil Orders

Lawful basis: Contract

  • Process payments

  • Dispatch goods

  • Provide delivery updates

  • Manage returns and refunds

5.2 To Provide Customer Support

Lawful basis: Legitimate interests / Contract

  • Respond to enquiries

  • Handle complaints

  • Maintain service records

5.3 To Send Marketing Communications

Lawful basis: Consent (or soft opt-in where permitted)

  • Email newsletters

  • Promotional campaigns

  • Product launches and offers

You can unsubscribe at any time by clicking the unsubscribe link in emails or contacting us.

5.4 To Improve Our Website and Services

Lawful basis: Consent (for non-essential cookies) / Legitimate interests

  • Website analytics

  • Performance monitoring

  • Understanding customer behaviour

5.5 For Fraud Prevention and Security

Lawful basis: Legitimate interests / Legal obligation

  • Fraud detection

  • Website security

  • Protection of customer accounts

5.6 To Comply with Legal Obligations

Lawful basis: Legal obligation

  • Tax and accounting requirements

  • Compliance with regulatory or law enforcement requests

6. Cookies and Similar Technologies

We use cookies and similar technologies (including pixels and tags) to:

  • Enable essential website functionality

  • Remember preferences

  • Analyse website traffic

  • Deliver personalised advertising (where consented)

Non-essential cookies are used only where you provide consent.

You can manage your cookie preferences at any time via our cookie banner or settings tool.

For further details, please refer to our Cookie Policy.

7. Sharing Your Personal Data

We share your data only where necessary to operate our business. This may include:

  • E-commerce platform providers (e.g. Shopify)

  • Payment processors (e.g. Stripe, PayPal, Klarna, Apple Pay, Google Pay, Shop Pay)

  • Delivery and courier services

  • Email and marketing service providers

  • Analytics providers (e.g. Google Analytics)

  • Advertising platforms (e.g. Meta, Google) where consented

  • Professional advisers (accountants, legal advisers)

  • Regulatory or law enforcement authorities where legally required

We do not sell your personal data.

8. Klarna

If you select Klarna as a payment option, we may share certain information (such as contact and order details) with Klarna so they can assess eligibility and provide their services. Klarna processes your data in accordance with its own privacy policy.

9. International Data Transfers

Some of our service providers may process personal data outside the UK or EEA.

Where this occurs, we ensure appropriate safeguards are in place, such as:

  • UK International Data Transfer Agreements (IDTA)

  • UK Addendum to EU Standard Contractual Clauses

  • The UK–US Data Bridge (where applicable)

10. Data Retention

We retain personal data only for as long as necessary.

Typical retention periods include:

  • Order and financial records: 6–7 years

  • Customer service correspondence: up to 24 months

  • Marketing records: until you unsubscribe

  • Account data: until closure or prolonged inactivity

We may retain data longer where required by law or for dispute resolution.

11. How We Protect Your Data

We use appropriate technical and organisational security measures, including:

  • Secure encrypted connections (HTTPS/SSL)

  • Restricted access to personal data

  • Secure hosting environments

  • Data processing agreements with suppliers

  • Ongoing monitoring and security controls

While no online platform is completely secure, we take reasonable steps to protect your information.

12. Your Rights

Subject to applicable law, you may have the right to:

  • Access your personal data

  • Correct inaccurate information

  • Request deletion

  • Restrict processing

  • Object to processing (including marketing)

  • Withdraw consent

  • Request data portability

  • Lodge a complaint with a supervisory authority

To exercise your rights, please contact:

customercare@raffya.com

13. Complaints

If you have concerns about how we handle your personal data, please contact us first.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):

https://ico.org.uk

14. Children

Our website is not intended for children, and we do not knowingly collect personal data from individuals under 18. If we become aware that a child has provided personal data, we will take appropriate steps to delete it.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

The most recent version will always be available on our website with the updated “Last updated” date.